Software management systems and methods for automotive computing devices

ABSTRACT

Programmable automotive computing devices and methods are described. In but one embodiment, the automotive computing device is programmed to copy an object store into device flash memory and to create an object store page table in device SRAM that is configured to track the locations of all of the object store pages in the device.

RELATED APPLICATION

This application is a divisional application of and claims priority toU.S. patent application Ser. No. 09/745,894 filed Dec. 20, 2000 now U.S.Pat. No. 6,801,994, the disclosure of which is incorporated by referenceherein.

TECHNICAL FIELD

This invention relates generally to automotive computing devices.

BACKGROUND

Automobiles are becoming increasingly popular platforms on which toprovide computing devices. One popular computing device in theautomotive space is Microsoft's Auto PC. Powered by the MicrosoftWindows CE operating system, the Auto PC is Microsoft's in-carentertainment and information platform technology. Hardware versions ofthe Auto PC platform can fit into most automobile dashboards, have colorLCD screens, high-powered AM/FM stereos, and CD-ROM drives. Theinclusion of the CD-ROM drive allows users to access vast stores of dataon their Auto PC. The Auto PC is ideally an extensible platform whichcan be built upon to provide added applications and functionality forthe user. For example, applications can be provided that enable driversto use voice commands to check e-mail and schedules, find phone numbers,make calls on their car phones and get news and other information. TheAuto PC can include applications that permit wireless Internet accessfor the purpose of searching and retrieving information over the Web.The Auto PC platform provides a platform for a seemingly endless numberof user applications that can greatly enhance the user's experience.

There are challenges, however, associated with providing computingdevices such as the Auto PC in automobiles.

In automobiles using Windows CE or any other type of operating system,there is typically critical data that the system uses which is usuallystored in so-called working RAM (i.e. volatile dynamic random accessmemory) for speed of access. This critical data can include applicationdata (e.g. navigation data, address book data, third party installedapplications and the like). Dynamic random access memory has to beconstantly refreshed or the data that it contains will be lost. If thepower is lost, the DRAM cannot be refreshed and, hence, any criticaldata that it contains is lost.

Current Windows CE implementations, as well as other implementations,use a small cell back-up battery that is used to back up the entire DRAMwhen the system goes in a standby mode associated with, for example, apower loss. For automotive requirements (such as Auto PC and the like),there are a number of problems with this solution. Typically, thebatteries that are used for backup purposes do not meet automotivespecifications. For example, the temperature ranges at which thebatteries work are not suitable for the temperature ranges typicallyencountered by automobiles. Additionally, automotive manufacturers ororiginal equipment manufacturers (OEMs) do not want consumers to have togo to the burden of replacing the backup batteries when they eventuallyfail. The backup batteries, such as those produced by Tadiran, which domeet automotive requirements are limited to a few microamps of currentdraw if the non-rechargable battery is to last the life of the productwithout replacement.

FIG. 1 shows a portion of a storage system of a typical automotivecomputer generally at 10 that includes non-volatile storage 12 and DRAM14 coupled together by a bus 16. Exemplary non-volatile storage caninclude flash memory or E² memory. This type of memory does not need tobe refreshed and can retain its data in the event of a loss of power.DRAM, as pointed out above, needs to be constantly refreshed. When theautomobile's computer system is booted, its object store (i.e. database,the file system, and the registry) is typically copied from non-volatilestorage 12 into DRAM 14. When the automobile's computer system enterszero power mode, eliminating any drain on the car's main battery, theentire contents of DRAM 14 are written back into the non-volatilestorage 12. This ensures that the data is preserved and can be writteninto DRAM the next time that the system is booted up. The automobile'scomputer system may go to a standby state drawing only a few milliamps(DRAM in self-refresh state) for some time, perhaps a few days, asdetermined by the OEMs before entering zero power mode.

This solution works well as long as the system shut down to zero powermode is an orderly one that is known in advance. Specifically, considerthe case where non-volatile storage 12 is implemented as flash memory.In that case, the volatile data stored in DRAM (data that needs to bepreserved across power cycles) is written into the flash memory as acopy operation. This operation can take about 90 seconds to complete. Inthe context of an automotive computing device, it is often not possibleto know ahead of time that the power is going to be abruptly lost. Forexample, on a cold day in an automobile with a marginal battery, whenthe car is started, the starter can drop the voltage out of regulationinstantaneously. In that case, power loss is instantaneous and any datain DRAM will be lost.

One possible solution to the problem of an abrupt power loss involvesusing a capacitor in conjunction with the voltage supply to provide adecay of the supply voltage in the event of an abrupt power loss. Thissolution is not optimal or even desirable because the extra time that isprovided for copying data from DRAM to flash is entirely inadequate. Forexample, assuming 3A at 12V, by using a 5000 micro Farad electrolyticcapacitor to hold the computer system's input voltage, the supplyvoltage to the ICs can be held for approximately 12 milliseconds beforedropping out of regulation. Since many OEMs don't want to use acapacitor this large, the realistic hold time is probably more on theorder of 2 to 10 ms. This amount of time is not adequate to copy all ofthe necessary data to non-volatile storage. For example, consider that asingle erase and write flash operation for writing to one block of NORflash memory can take on the order of one second. Each flash block canbe on the order of 512 bytes to 4K bytes depending on the flash memory.So within the few milliseconds that are provided by the capacitorsolution, at most one Kbyte of data will be able to be written. This isnot adequate. Additionally, non-volatile storage such as flash memoryrequires more power when it is written to. Accordingly, this wouldfurther increase the capacitor size requirement.

Another possible solution for maintaining the system's critical data inthe event of an abrupt power loss is to continuously write the criticaldata into the flash memory. There are a number of problems with thisapproach. First, it takes a long time to write to flash memory (i.e.flash memory has to first be erased and then written to). Additionally,flash memory has a limited read/write capability so that if it is beingupdated continuously, it is going to wear out. Specifically, flashmemory and E² memory have on the order of 100,000-1,000,000 write cyclesper block. By constantly writing to flash memory you are eventuallygoing to wear the device out. Finally, it is possible to corrupt thecontents of flash if power is lost during a write to it.

Essentially then, the challenges associated with providing automotivecomputing devices such as the Auto PC can be distilled down to nothaving enough time to write the critical contents of DRAM intonon-volatile memory in the event of an abrupt power shut down. Anyproposed solutions to these challenges have to make good business sensein that they have to appreciate and work within the constraints ofmanufacturers and OEMs that are concerned with not having extrarechargable, user-replaceable batteries to back the memory system.

Accordingly, this invention arose out of concerns associated withproviding improved automotive computing devices and methods thatadequately address emergency power shut down issues, as well as otherissues.

SUMMARY

Methods and systems for operating automotive computing devices aredescribed. In one embodiment, a small amount of static RAM (SRAM) isincorporated into an automotive computing device. The SRAM isbattery-backed to provide a non-volatile memory space in which criticaldata, e.g. the object store, can be maintained in the event of a powerloss. Circuitry is provided to ensure that the SRAM receives back uppower from the battery at appropriate times.

Software manages the SRAM and the other storage assembly components andmakes use of virtual paging or virtual addressing techniques to keeptrack of where various pages, including object store pages, are storedin the system. The software knows where all of the object store pagesare located so that in the event of a power loss, the page locations areknown and hence the pages can be used when power is restored. The SRAMis advantageously used to maintain so-called “dirty pages” or pages thathave been written to so that these pages are not lost in the event of apower interruption. Additionally, the software can also provide anorderly means by which pages in the SRAM can be written out to flashmemory thereby avoiding unnecessary flash write operations which, inturn, increases the lifetime of the flash memory.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an exemplary storage system in anautomotive computer.

FIG. 2 is a block diagram of an exemplary automotive computing devicethat is suitable for use in connection with the described embodiments.

FIG. 3 is a block diagram of a portion of the FIG. 2 computing device.

FIG. 4 is a block diagram of exemplary hardware components in accordancewith one described embodiment.

FIG. 5 is a graph or chart that is useful in understanding the operatingenvironment of the described embodiments.

FIG. 6 is a flow diagram that describes steps in a method in accordancewith one described embodiment.

FIG. 7 is a block diagram of one circuit in accordance with onedescribed embodiment.

FIG. 8 is a circuit diagram of one circuit in accordance with onedescribed embodiment.

FIG. 9 is a block diagram that illustrates aspects of but one exemplaryvirtual addressing system.

FIG. 10 is a flow diagram that describes steps in a method in accordancewith one described embodiment.

FIG. 11 is a diagram that illustrates an exemplary object store pagetable entry.

FIG. 12A is a table that describes aspects of handling object store pageexceptions.

FIG. 12B is a table that describes aspects of handling object store pageexceptions.

FIG. 13 is a flow diagram that describes steps in a method in accordancewith one described embodiment.

FIG. 14 is a diagram that is useful in understanding compaction aspectsof the described embodiments.

FIG. 15 is a flow diagram that describes steps in a method in accordancewith one described embodiment.

FIG. 16 is a diagram that is useful in understanding wear-levelingaspects of the described embodiments.

FIG. 17 is a flow diagram that describes steps in a method in accordancewith one described embodiment.

DETAILED DESCRIPTION

Overview

In accordance with the described embodiments, a cost-effective solutionto data loss problems caused by emergency power shut down in automotivecomputing devices is provided in the form of a small amount of staticRAM (e.g. 128-256K) that is incorporated into a storage assembly that isutilized by the computing devices. The storage assembly thus can containan amount of non-volatile storage (e.g. flash memory), dynamic randomaccess memory (DRAM or SDRAM), as well as the SRAM. The SRAM isbattery-backed by a small lithium cell battery which, together with theSRAM, provides a non-volatile memory space in which critical data can bemaintained. Using SRAMs is advantageous because they can be placed in alow power state in which they draw very little current from the backupbattery. This, in turn, greatly increases the lifetime (e.g. much longerthan 10 yrs) of the automotive computing system to the point that it hasexceeded the required operating life of the product. It is conceivablethat a 50-year life for the battery can be realized. In addition, SRAMalso provides write and read access times similar to those of ordinaryDRAM.

Power control circuitry is provided and ensures that the SRAM receivesback up power at the appropriate time. In the embodiment describedbelow, the circuitry determines when the supply voltage drops out ofregulation and then incorporates the backup power source into a circuitin which it can supply power to the SRAM.

Software is provided that manages the SRAM and the other storageassembly components. The software makes use of virtual paging or virtualaddressing techniques to keep track of where various pages, e.g. objectstore pages, are stored in the system. Through the techniques describedbelow, the system knows exactly where all of the object store pages arestored in the system so that in the event of an abrupt power loss, thedata locations are known. The SRAM is advantageously used to maintainso-called “dirty pages” or pages that have been written to. For example,all of the object store pages in the system are initially maintained innon-volatile storage, i.e. flash memory, as “read only” pages. The pagescan then read into RAM as they are needed. Just before a page is writtento (i.e. changed in some way), that page is moved into the SRAM and thesoftware updates the location of this page through virtual addressingtechniques. The locations of all of the object store pages in the systemare maintained in SRAM. In the event of an abrupt power failure, thecontents of the SRAM (i.e. dirty pages), as well as the locations of allof the object store pages in the system are preserved.

The software also provides an orderly means by which object store pagesin the SRAM can be written out to flash memory. By managing the mannerin which the pages in SRAM are written out to flash memory, unnecessaryflash write operations can be avoided which, in turn, increases thelifetime of the flash memory.

Exemplary Auto PC System

FIG. 2 shows an exemplary vehicle (e.g., automobile) computer system ordevice 200 that can be used in connection with the emergency shut downsystems and methods described above and below. System 200 is configuredfor use in a vehicle such as a car, truck or other similar conveyance.When in place in a vehicle, computer system 200 can provide a multitudeof services and applications as will become apparent below.

Vehicle computer system 200 has a centralized computer 202 coupled tovarious external peripheral devices, including a display device 204,security sensors 206, a vehicle diagnostic interface 208, speakers 210,a vehicle battery 212, a backup battery 214, and antenna(s) 216. Thecomputer 202 is assembled in a housing 218 that is sized to be mountedin a vehicle dashboard, similar to a conventional automobile stereo. Inthe illustrated example, the housing 218 has a form factor of a singleDIN (Deutsche Industry Normen). Alternatively, it could be housed in a 2DIN unit or other special form factor for an OEM.

The computer 202 runs an open platform operating system which supportsmultiple applications. Using an open platform operating system and anopen computer system architecture, various software applications andhardware peripherals can be produced by independent vendors andsubsequently installed by the vehicle user after purchase of thevehicle. This is advantageous in that the software applications do notneed to be specially configured for uniquely designed embedded systems.In the illustrated example the open hardware architecture runs amultitasking operating system that employs a graphical user interface. Amultitasking operating system allows simultaneous execution of multipleapplications. One such operating system is the Windows® brand ofoperating systems (e.g., the Windows CE® operating system) sold byMicrosoft Corporation of Redmond, Wash.

The computer 202 can include at least one storage drive which permitsthe vehicle user to download programs and data from a storage medium. Inthe illustrated implementation, the computer 202 has a CD ROM (or otheroptical) drive 220 which reads application-related CDs, as well asmusical, video, game, or other types of entertainment CDs. The computer202 may also include other storage devices, such as a magnetic diskdrive, smart card reader, PCMCIA card sockets, a hard disk drive, flashmemory, or a DVD (“digital video disk” or “digital versatile disk”)drive. In the embodiment described below, non-volatile memory isprovided in the form of flash memory. It is to be appreciated andunderstood that other storage devices can be used without departing fromthe spirit and scope of the described and claimed subject matter.

The storage drives are mounted in a base unit 228 of the housing 218.The base unit 228 is constructed and sized to be mounted in thedashboard. Optionally, this base unit may be removable in the samefashion as a laptop computer and its associated docking station. Thisoption allows the user to take the vehicle computer to his/her home oroffice to serve as his/her portable PC. The housing 218 also has afaceplate 230 which is pivotally mounted to the front of the base unit228 and may optionally be detachable. The faceplate can be rotated topermit easy and convenient access to the storage drives.

The computer 202 has a keypad 232 and a display 234 on the faceplate230. The operating system executing on the computer 202 controls thefaceplate components (keys, IrDA, display, knobs, touch screen, etc.),which, through the computer, can control the faceplate keys 232 and thefaceplate display 234 as peripheral devices when the faceplate isattached to the base unit. Additionally, the computer 202 has a voicerecognition device to permit the user to verbally enter commands in ahands-free, eyes-free environment. These voice commands can be used forcontrolling most operating modes of the vehicle computing platform. Thecomputer 202 is also equipped with an IrDA (infrared developersassociation) transceiver port 236 mounted on the faceplate 230 totransmit and receive data and programs using infrared signals. Theentire faceplate unit 230 can behave as a multifunction peripheral tothe computing platform.

The computer 202 can output visual data to the LCD 234 at the faceplate,or one or more display devices of the type shown in 204. In theexemplary illustration, display 234 is a back lit LCD and display 204 isa small flat panel display (e.g., 6.4″ screen) that is movably mountedon a stand or yoke and remotely located from the computer. Additionaldisplay devices may also be added that are similar to display 204 or234. Different types of display devices may also be added, such as aHeads Up Display (HUD).

The display 204 is fully adjustable to different viewing positions thatcan be seen by the driver or other passengers in the vehicle. The typeof data displayed can range widely from word instructions concerning thevehicle's performance, to diagrammatic directions from a navigationsystem, to video movies for in-car entertainment. The display 204 can beequipped with a view indicator switch 238. This switch can indicate tothe software whether the driver can view the display. Then, depending onwhether the car is being driven or not, the software can determine whichapplication content is appropriate to display on the display. Whenfacing the driver, only information supportive and helpful to driving(e.g., diagnostics, navigation directions) is displayed on the monitor,while distracting information (e.g., video movies, games) is blockedfrom display. In one implementation, the switch is an electricalcylindrical switch which closes when the display is capable of beingviewed by the driver; thus, the software can sense the display positionand only allow permitted information to be displayed.

In general, the vehicle computer system 200 can be used to integratemultiple vehicle-related systems onto one open platform hardware andsoftware architecture. For instance, the vehicle computer system 200 canserve as a multimedia entertainment system, a navigation system, acommunications system, a security system, and a diagnostics system.Moreover, the vehicle computer system 200 provides additionalfunctionality traditionally associated with desk-top and laptop personalcomputers. For instance, vehicle computer system 200 can support wordprocessing applications, spreadsheet applications, databaseapplications, web browser applications, and appointment/scheduleapplications. Furthermore, the vehicle computer system 200 can beconfigured to operate as a server to other computing units in thevehicle to distribute games, video movies, and the like to passengers.Furthermore, the system can include an internet connectivity engine 240that is configured to establish connectivity with the Internet. This canbe done in any suitable way. For example, the internet connectivityengine 240 can wirelessly establish connectivity with the Internetthrough known wireless techniques.

Information can be displayed on either display device 204 or display234. The information can be provided by an application running oncomputer 202, or by a device external to computer 202, such as sensors206 or via diagnostic interface 208, antenna 216, IrDA port 236, etc.Such information can also be provided to the computer via the internetconnectivity engine 240. Information that can be displayed includes anytype of data or control information. Additionally, information to bedisplayed can include a “caption” or “label” that describes the data.Examples of data that can be displayed include street addresses, phonenumbers, and directions (e.g., “Turn Left At Light On Main Street”).Such data can be displayed either including a caption describing thedata (e.g., “Address: 12345 Washington Street”, where “Address:” is thecaption portion of the information) or without a caption (e.g., “12345Washington Street”). Examples of control information include toolbars,menu options, and user-selectable on-screen regions (such as buttons),as well as instructions, headings, and other descriptive information.

In the discussion herein, the various embodiments are described in thegeneral context of computer-executable instructions, such as programmodules, being executed by one or more vehicle computers. Generally,program modules include routines, programs, objects, components, datastructures, etc. that perform particular tasks or implement particularabstract data types.

FIG. 3 shows certain exemplary components of computer 202 of FIG. 2 inmore detail. Computer 202 can include one or more processors orprocessing units 352, a system memory 354, and a bus 356 that couplesvarious system components including the system memory 354 to processors352.

The bus 356 represents one or more of any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, an accelerated graphics port, and a processor or local bus usingany of a variety of bus architectures. The system memory 354 can includeread only memory (ROM) 358, dynamic random access memory (DRAM) 360, andnon-volatile storage or flash memory 361. In addition, in accordancewith the described embodiment, the system memory also includes a smallamount of SRAM 363.

A portion of the operating system, such as kernel 362, contains thebasic routines that help to transfer information between elements withincomputer 202, such as during start-up, can be stored in ROM 358 or flashmemory 361.

A number of program modules can be stored in ROM 358 or flash memory 361and transferred into DRAM 360. These include an operating system 364 andone or more application programs 366. A user may enter commands andinformation into computer 202 through various input devices, such as akeyboard (e.g., keypad 232 of FIG. 2), touchscreen, pointing device,microphone, joystick, game pad, satellite dish, scanner, or the like(not shown in FIG. 3). These and other input devices are coupled to theprocessing unit 352 through an input/output (I/O) interface 368 that iscoupled to the bus 356. A display 204 or 234, or other type of displaydevice, is also connected to the bus 356 via an interface, such as avideo adapter(s) 370. Data to be displayed on display 204 or 234 isprovided to adapter 370 by a display generator 372 of operating system364. In addition to the display, computers can include other peripheraloutput devices (not shown in FIG. 3) such as speakers and printers thatare coupled to the processing unit 352 through I/O interface 368.

Generally, the processors of computer 202 are programmed by means ofinstructions stored at different times in the various computer-readablestorage media of the computer. Programs and operating systems aretypically distributed, for example, on floppy disks, on PCMCIA cards, orCD-ROMs. From there, they are installed or loaded into the secondarymemory of a computer. At execution, they are loaded at least partiallyinto the computer's primary electronic memory.

The embodiments described herein include these and other various typesof computer-readable storage media when such media contain instructionsor programs for implementing the steps described below in conjunctionwith a microprocessor or other data processor. The described embodimentsalso include the computer itself when programmed according to themethods and techniques described below. Furthermore, certainsub-components of the computer may be programmed to perform thefunctions and steps described below. The described embodiments includesuch sub-components when they are programmed as described. In addition,the described embodiments include data structures, described below, asembodied on various types of memory media.

For purposes of illustration, programs and other executable programcomponents such as the operating system are illustrated herein asdiscrete blocks, although it is recognized that such programs andcomponents reside at various times in different storage components ofthe computer, and are executed by the data processor(s) of the computer.

Exemplary Memory System with Power Shutdown Capabilities

FIG. 4 shows an exemplary vehicle computer memory system 400 that isconfigured with power shut down capabilities in accordance with onedescribed embodiment. System 400 comprises flash memory 402, DRAM 404,SRAM 406, a power control circuit 408, a power supply with low voltagedetection circuit 410, a microprocessor 412, and a bus 414.

In the illustrated and described example, the vehicle's object store ismaintained in flash memory 402. DRAM 404 is used to contain “read only”pages that are read in from flash memory 402. When the read only pagesin DRAM 404 are written to or “dirtied”, they are moved into SRAM 406and maintained there. Low voltage detection circuit 410 is connected tothe main voltage supply (i.e. the supply provided by the vehicle'sbattery). When the low voltage detection circuit 410 detects that themain supply voltage has been abruptly lost or has dipped below a definedvoltage level, it generates an interrupt signal that is sent to themicroprocessor 412. This notifies the microprocessor that there has beena power failure and enables the microprocessor to take the necessarysteps that it needs to take in such an instance. This can include, forexample, copying contents in DRAM 404 into SRAM 406. Power controlcircuit 408 is then activated just as regulated voltage VCC3V begins todrop out of regulation and ensures that a backup battery, in this case asmall lithium cell, is incorporated in a circuit so that it can be usedto power the SRAM. The power control circuit 408 is also configured toplace SRAM 406 in a low power, high impedance state, while isolating theSRAM and the backup battery from the other system components. In thedescribed embodiment, the SRAM is placed into the low power, highimpedance state before the backup battery begins to provide power to theSRAM.

The illustrated system can also include a hold capacitor 414 thatessentially enables the supply voltage to decay away as a function ofthe size of the hold capacitor. This provides an extra bit of time(˜2-10 milliseconds) for copying any needed data from DRAM 404 to SRAM406 or for setting any appropriate status information in SRAM 406.

In the illustrated circuit, the flash memory 402, DRAM 404, and SRAM 406are powered by a 3-volt power rail that is provided by the vehicle'sbattery through a suitable switcher power supply circuit (notspecifically shown).

Timing Considerations

Before continuing on with a discussion of one specific implementation ofpower control circuit 408 and power supply with low voltage detectioncircuit 410, the following discussion regarding certain timingconsiderations is provided so that the reader can more fully appreciatethe purpose of the circuitry about to be described.

FIG. 5 shows a timing chart 500 that shows various voltages as afunction of time in the event of an emergency or abrupt power shut down.In the automotive context, there is a main supply voltage of 12 voltsthat is provided by the vehicle's battery. This supply voltage is shownat 502. A switching power supply provides 5-volt and 3-volt voltagerails that are used by various systems within the vehicle's computingdevice. For example, the 3-volt rail is used to power the flash memory402, DRAM 404 and the SRAM 406. These voltage rails are respectivelyshown at 504, 506. An interrupt signal is shown at 508 and constitutesthe interrupt signal that is generated by the low voltage detectioncircuit 410 for microprocessor 412.

The main battery voltage 502 begins to decay as soon as the main batteryis removed. Once the main voltage drops below a predetermined threshold(e.g. ˜10.5 volts), low voltage detection circuit 410 (FIG. 4) generatesan interrupt signal 508 which is a notification to the microprocessorthat main power is no longer available. The system software then has atime period designated as T_(avail) to write out any data to the SRAM406. This T_(avail) is determined by the hold capacitor and typicallywill range from 2-10 milliseconds depending on the size of the holdcapacitor used. The main supply voltage 502 will continue to decay as afunction of the hold capacitor. When the supply voltage 502 decays toaround 6-volts, the 5-volt power rail is said to drop out of regulationand will start to decay as shown. As the main supply voltage 502continues to decay, the 3-volt (actually 3.3 volts) power rail will dropout of regulation at around 4-volts. The 3-volt power rail is used bymicroprocessor 412 and the memory devices (i.e. flash memory 402 andDRAM 404) so they can operate until the 3-volt power rail drops away.The SRAM 406 normally receives its power from the 5V power rail until itdrops out of regulation at which point the backup battery takes over.

As the voltage decays as described above, there are essentially twooperations that go on in parallel. First, as the voltage starts droppingout of regulation, the SRAM is placed in a low power, high impedancestate so that there is no leakage back to the microprocessor. Second,the SRAM's power supply line is isolated from the main power supply railso that the backup battery does not try to back feed the 5-volt powerrail. In the described embodiment, both of these functions areimplemented by the power control circuit 408. That is, the power controlcircuit places the SRAM in its low power, high impedance state, andincorporates and isolates the SRAM's backup battery so that it can powerthe SRAM.

FIG. 6 is a flow diagram that describes steps in a method in accordancewith one described embodiment. In the illustrated example, the method isimplemented in hardware, a specific example of which is given below.

Step 600 provides a vehicle computing device. Exemplary computingdevices are described above. One particular type of vehicle computingdevice is an Auto PC device developed by Microsoft. It is to beappreciated and understood that the inventive techniques described belowcan be practiced in connection with any suitable vehicle computingdevice, with the Auto PC constituting but one exemplary device. Step 602detects an abrupt power shut down condition. An abrupt power shut downcondition can occur, for example, when a vehicle's battery is suddenlydisconnected or otherwise unavailable for providing power to thevehicle's computing device. In the illustrated example, this step isimplemented by a power supply with low voltage detection circuit such ascircuit 410 in FIG. 4. It is to be appreciated and understood that anysuitable circuit can be used for implementing a power shutdown detectioncircuit. It is desirable for such a circuit to have characteristics thatenable it to detect when a vehicle's main power supply is not availableor will not be available in a short time. Step 604 writes suitable datainto SRAM after shutdown is detected by step 602. This step is shown indash lines because it can be an optional step. The data that can bewritten into the SRAM can be data that is contained in the system'sDRAM. Step 606 places the SRAM in a low power, high impedance state forreasons that were mentioned above. In the illustrated and describedembodiment, this step is accomplished by power control circuit 408. Anysuitable circuit can be used to place the SRAM in a low power, highimpedance state, with but one exemplary specific circuitry being shownand described below.

Step 608 incorporates an SRAM backup battery into a circuit thatprovides power to the SRAM. The SRAM backup battery is desirably onethat has a long lifetime so that the user need not worry about changingthe battery. One exemplary lithium cell battery suitable for use inautomotive environments is made by a company called Tadiran. In theillustrated and described embodiment, this step is implemented by thepower control circuit 408, a specific example of which is shown anddescribed below. Step 610 isolates the backup battery to power only theSRAM. Again, this step is implemented in the described embodiment bypower control circuit 408.

Exemplary Shutdown Detection Circuit

In the illustrated and described embodiment, the low voltage detectioncircuit 410 is implemented as a comparator circuit within the powersupply switcher circuit.

FIG. 7 shows one exemplary comparator circuit generally at 700 andcomprises resistors 702, 704 connected as shown and having the indicatedmagnitudes. The circuit is connected to the main supply voltageindicated as V_(main) _(—) _(bat). Hold capacitor 414 is provided asshown. A power supply switcher circuit 705 is provided and is connectedto the main supply voltage to generate the 5-volt and 3-volt powerrails. A comparator element 706 is provided and includes a voltagereference input (the bottommost of the inputs) and an input derived fromthe voltage drop across resistor 704. When the input voltage to thecomparator element drops below a predetermined nominal voltage, e.g.1.65V, the comparator circuit trips and generates an interrupt signal(referred to as an “NMI” interrupt for “Non Maskable Interrupt”) on line708 that is provided to the microprocessor. The microprocessor can thenimmediately copy any unsaved “dirty” pages (if any) or other neededinformation to SRAM and set any appropriate flags in the SRAM. Dependingon the power supply used, when the input voltage drops to around 4V, the3.3 power rail will begin to drop out of regulation which will cause theDRAM to lose its contents and the microprocessor will stop itsfunctioning.

Exemplary Power Control Circuit

In the described embodiment, by the time the power rail to the SRAM hasdropped out of regulation, the power control circuit has advantageouslyprovided a backup battery for the SRAM, and well as isolated the SRAMand its backup battery from the other system components.

FIG. 8 shows an exemplary power control circuit 800. It is to beappreciated that the described power control circuit constitutes but oneexample of a suitable power control circuit. In the describedembodiment, characteristics of the power control circuit are that it canaccomplish one or more of the following functions in the event of anabrupt power loss or shut down: (1) smoothly transition to a backuppower source for the SRAM, and (2) suitably isolate the backup powersource from the other components in the system so that there is nocurrent flow to the power plane.

Circuit 800 comprises a pair of series-connected diodes 802, 804connected between the 5-volt power rail and the source of a P-channelfield effect transistor (PFET) 808. A 2.2K resistor 806 is connectedbetween (1) a node that is shared with both diode 804 and the source ofPFET 808 and (2) the gate of PFET 808. The gate of FET 808 is connectedto the collector of a bipolar junction transistor (BJT) 810 whose baseis connected to the 5-volt power rail through a 1K resistor 812 and a3.3V Zener diode 814. An N-channel field effect transistor (NFET) 816 isprovided and has its source connected to a chip select line for SRAM818, and optionally SRAM 820. NFET 816 is essentially a switch on thechip select line the purpose of which will become evident below. Thegate of NFET 816 is connected to the 5-volt power rail. A 47K pull upresistor 822 is connected between the drain of NFET 816 and the SRAMV_(cc) line.

A backup power source 824 is provided for the SRAM and comprises a 3.6Vlithium cell battery 826, a diode 828 connected to the battery 826, anda 470 Ohm resistor 830 connected between the diode 828 and the SRAMV_(cc) line.

Circuit 800 works as follows: When the 5V power rail is withinregulation, BJT 810 saturates thus creating a sufficient gate to sourcevoltage to turn on PFET 808. In this state, the SRAM 818 and optionallySRAM 820 are powered by approximately 3.6V (5V minus two diode drops) onthe SRAM V_(cc) line. Advantageously, since this is the same voltage asbackup battery 826, no current will flow out of the backup batterybecause diode 828 will not be forward-biased. Also, diode 828 will blockany reverse current from attempting to flow back into or charge thenon-rechargable battery 826. It will be appreciated and understood bythose of skill in the art that diode 828 could be replaced by a FET toensure that no current flows through resistor 830 when the 5-volt powerrail is within regulation.

When the 5-volt power rail drops well below regulation (i.e. less thanabout 4V), Zener diode 814 ensures that BJT 810 turns off which,likewise, turns PFET 808 off. With FET 808 turned off, the voltage onthe SRAM V_(cc) line will begin to decay as determined by primarily by acapacitor 832. At a slightly higher voltage (˜4.5V), NFET 816 will turnoff and pull up resistor 822 will pull the chip select line high thuscausing the SRAMs to enter into a low power, high impedance state. Thus,as can be seen the SRAM(s) will be in their low power high impedancestate before the switch over occurs. In this low power state, the SRAMsdraw about 0.5 uA of current. Shortly after the SRAMs are placed intotheir low power state, battery 826 begins to supply current to theSRAMs. The battery 826 will begin to supply current as the SRAM V_(cc)line drops to approximately 3V. Diodes 802 and 804 also serve to blockany reverse current to the power rail (VCC_(—)5V).

Note that in the event 5V is not readily available, a 5V input to theZener diode 814 and the gate of FET 816 can be provided from the mainbattery by using a 220 ohm resistor in series with a 5.1V Zener diode.

Although not specifically shown, AND logic can be coupled with the SRAM818 and optionally SRAM 820 to interface with the microprocessor so thatbyte write operations can be accomplished in addition word and long wordwrite operations.

Management of the Object Store

In the described embodiment, the object store for the computing deviceis laid out in virtual memory and accesses to object store pages takeplace using virtual addresses. By using virtual addresses, pages are notconfined to a fixed corresponding physical address in physical memory.Rather, the pages can be moved around within the system quite readily,and are accessed through use of their virtual addresses which can thenbe mapped to the particular physical location.

To understand and appreciate concepts and the workings of an exemplaryvirtual memory system, consider FIG. 9.

Many modem computer systems, and indeed automotive computing systems ofthe type described above run multiple concurrent tasks or processes,each with its own address space. It would be expensive to dedicate afull complement of memory to each task, especially since many tasks useonly a small part of their address spaces. Rather, virtual memory isused to give each process the appearance of a full address space. Thisallows a program to run on what appears to be a large, contiguous,physical-memory address space dedicated entirely to the program. Inreality, however, the available physical memory in a virtual memorysystem is shared between multiple programs or processes. The memory thatappears to be large and contiguous is actually smaller and fragmentedbetween multiple programs. Each program accesses memory through virtualaddresses, which are translated by special hardware and/or software tophysical addresses.

Rather than attempting to maintain a mapping for each possible virtualaddress, virtual memory systems divide virtual and physical memory intoblocks. In many systems, these blocks are fixed in size and are referredto as “pages”. The addresses within an individual page can all haveidentical uppermost bits. Thus, a memory address is the concatenation ofa page number, corresponding to the uppermost bits of the address, and apage offset, corresponding to the lower bits of the address.

A data structure is typically maintained in physical memory to translatefrom virtual page numbers to physical page frames. This data structureusually takes the form of a page table. A page table is indexed byvirtual page number, and it generally has a number of entries equal tothe number of pages in the virtual address space. That is, the pagetable keeps track of every virtual address that has been allocated inthe system and provides a mapping to a physical location.

Virtual-to-physical address translation can consume significantoverhead, since every data access requires first accessing the pagetable to obtain a physical address and then accessing the data itself.To reduce address translation time, computers can use a specializedhardware cache that is dedicated to translations. This cache is referredto as a translation lookaside buffer (TLB). A TLB typically has a small,fixed number of entries. The entries correspond to recently translatedvirtual pages numbers or addresses. The TLB can be direct-mapped, setassociative, or fully associative.

FIG. 9 shows an exemplary virtual memory system using a TLB 902 and apage table 906. A process typically generates a virtual address 900comprising a virtual page number and a page offset. The page numberportion of the virtual address is used to index a TLB 902. Assuming thatthe TLB contains an entry corresponding to the virtual page number (asituation referred to as a TLB “hit”), the TLB produces a physical pagenumber. The page offset portion of virtual address 900 is concatenatedwith the physical page number from the TLB, resulting in a full physicaladdress for accessing physical memory 904. If the correct entry is notpresent in TLB 902 (a situation referred to as a TLB “miss”), an initialreference is made to page table 906 to update TLB 902.

A TLB miss thus initiates its own memory reference that could in manycases be the source of another TLB miss, creating the potential for anendless loop. To prevent this, the page table is typically stored in an“unmapped” portion of physical memory that is addressed directly by itsphysical addresses rather than by virtual addresses.

In order to be able to page in object store pages on demand, toperiodically write object store pages out to a non-volatile medium (suchas SRAM) just before they are “dirtied” (i.e. written to), as well as toflush dirty pages to a non-volatile medium (such as flash), the locationof each object store page is tracked. Furthermore, this locationinformation is available across power-on boots. Because theabove-described battery-backed SRAM never loses power, and because it iseasily readable and writeable, it is a desirable choice to maintainobject store pages and page table information. The software portion thedescribed embodiments can also be extended to use ordinary DRAM, insteadof SRAM, and to store the page tracking table in FLASH. This, however,introduces more risk of data loss, and a guaranteed flash right timemust be reserved with large enough capacitance, in order to allow theDRAM and page tracking table to be written to FLASH in the event ofpower loss.

FIG. 10 is a flow diagram that describes steps in a method in accordancewith one embodiment. The method is desirably implemented in software inconjunction with an automotive computing device.

Step 1000 provides an automotive computing device. An exemplaryautomotive computing device is described above. Step 1002 provides anobject store in non-volatile memory of the automotive computing device.In one implementation, the non-volatile memory comprises flash memory,although any suitable non-volatile memory will suffice. Step 1004maintains one or more pages of the object store in one or more SRAMs ofthe computing device. Maintenance of the object store pages, as well asmanagement thereof can advantageously take place utilizing principles ofvirtual addressing. One specific virtual addressing system was describedabove, although any suitable virtual addressing system can be utilized.

Two primary goals of the described embodiments are to implement methodsto reduce boot up time by demand paging the object store, and toimplement an extremely fast shut down without data loss. The first goalis discussed in more detail below in a section entitled “Fast Boot”. Thesecond goal is met by performing a periodic flush of object store pagesfrom DRAM to non-volatile memory (flash or battery-backed SRAM). Boththese two goals share a core characteristic—that the object store can bepaged between the various memory media in the system. In paging theobject store it is useful for the software to track (1) which pages needto be paged, (2) when they need to be paged, and (3) where these pagesare located. Each of these items is specifically discussed in thesections immediately below.

Determining Which Pages Need To Be Paged In

In order to track which object store pages need to be paged in, pagesthat correspond to the object store are first identified. In thedescribed embodiment, the object store is initially represented as alinked-list containing physical DRAM address pointers to pages of objectstore data. Software uses these linked-list addresses to determine thephysical addresses of the object store. Furthermore, because these arephysical addresses, rather than virtual addresses, they are not subjectto change due to memory management tasks such as heap compaction. Inaccordance with the described embodiment, these physical addresses areplaced within a table in battery-backed SRAM so that the object storecan be tracked by physical addresses across power cycles. As an example,consider again FIG. 9 which shows SRAM 910 as containing an SRAM objectstore table 912. Note that although the SRAM object store tracks theobject store pages' physical addresses, the operating system itselfmanages the object store by using corresponding virtual addresses.

Determining When Pages Need To Be Paged In

In the illustrated and described embodiment, object store pages arepaged from flash memory into RAM (either SRAM or DRAM) whenever they areaccessed. This is known as “demand-paging”. The described embodimenttakes advantage of the fact that the system's Central Processing Unit(CPU) contains a translation look-aside buffer (TLB), which consists oftwo parts: a key and a value. Put in the simplest of terms, each key isa virtual address while each value is the corresponding physical addressbundled with some additional flags, such as a dirty flag and permissionaccess flags. When a virtual address access is attempted (e.g. a writeto a virtual address), the CPU will attempt to use this address as a keyinto the TLB. If the key is not found, the CPU will generate anexception called a TLB Miss Error or “miss” as mentioned above.

The described embodiment uses this TLB Miss Error exception to itsadvantage in the following way: in the TLB Miss Error exception handlingcode, if an access is made to an object store page, the software checksto see whether the object store page is already in RAM or not. If theobject store page is not in RAM, it is paged in from flash memory.Furthermore, the TLB is updated to contain a new mapping for the virtualaddress of the object store page. Note that a mapping is added for allTLB misses, not just for those corresponding to object store pageaccesses. Additionally, when a TLB is full at the time of a TLB miss, atleast one TLB entry is flushed to make room for a new one. Since a TLBis very small, a flush can occur frequently.

Determining Where Pages Are Located

In general, the Operating System (OS) maintains all of the mappingsbetween virtual and physical addresses in a software structure known asthe page table which is described above in connection with FIG. 9. ThisOS structure is able to map every valid virtual address. A subset ofthese mappings is also kept in the CPU's hardware cache in the form ofthe TLB as mentioned above. The TLB contains the most recentlytranslated virtual page numbers. In the illustrated and describedembodiment, an additional table of object store pages referred to as the“SRAM table” or the “SRAM object store page table” (i.e. table 912) isalso created and maintained in SRAM. Since the SRAM is battery-backed asdescribed above, in the event of an abrupt power loss, all of thelocation data (i.e. virtual address to physical location mappings) forthe object store pages are preserved and maintained in SRAM.

SRAM Object Store Page Table

The following discussion describes a specific implementation of an SRAMObject Store Page Table and is not intended to limit application of theclaimed subject matter. Accordingly, departures from the describedimplementation can be made without departing from the spirit and scopeof the claimed subject matter.

In the illustrated and described embodiment, the object store is assumedto have a maximum size of 16 Mbytes. At this size, 4K object store pagetable entries (i.e. 16 Mbytes/4 Kbytes pages) can track every page ofthe object store. These entries can be bundled together, e.g. as anarray which is ordered by physical address.

The illustrated and described embodiment uses a flag in SRAM to tag theSRAM Object Store Page Table as “valid” or “invalid”. On a first-time“cold boot”, this flag is marked invalid since the table has not yetbeen created. Since the first-time cold boot value of SRAM is undefined,a simple 1 or 0 flag for valid and invalid, respectively, is notsufficient. Instead, the flag should be a distinct value, e.g.0xCAFECAFE. Thus, the described embodiment reserves 1 DWORD in SRAM fora validity flag.

The illustrated and described embodiment uses the second half of the HRP32 Mbytes flash memory for object store storage. With a 512 K flashblock size, there are 16 bytes/512 Kbytes=32 blocks (2⁵) available forobject store storage. Thus, five bits are used to track the last freeblock used for wear leveling and compaction. Wear leveling andcompaction is discussed below in more detail.

In the specifically described implementation, the number of bitsrequired to track the last page written to flash is the same number (5bits) required to track the last free flash block, as described above.Additionally, there are 512 Kbytes per block/4 Kbytes per page or 128pages per block. Seven bits can access 2⁷=128 pages; hence, 7 bits areneeded to access a page within a block.

The described implementation tracks the state of each page of flash aseither free, erased, or in use (2 bits per page can represent these 3states). Since there are (128 pages/block)*32 blocks available, thereare 32*128 total pages available. Since each page requires 2 bits, thedescribed implementation uses (32*128*2)/8 bytes, or 1024 bytes (i.e.256 DWORDS) to track the status of each page within a block.

It will be appreciated and understood that the number of bits requiredto track the number of object stores pages in SRAM is dependent on theamount of SRAM available, as well as the amount of space taken by SRAMdata other than object store pages. One hardware design allows for oneor two parts of 128 Kbytes of SRAM to be used. Investigation of a 512Kbytes part is currently underway as well. With two 512 Kbytes parts,one part can be used as a 512 Kbytes buffer used to build up a flashblock of data (the HRP's flash block size is 512 K). From a performancestandpoint, this is ideal because an entire flash block can be writtenin one continuous operation which reduces overhead. However, many OEMsare building very cost sensitive products; thus, they may be willing tosacrifice some performance for a lower cost solution involving a single128 Kbyte or 256 Kbyte of SRAM.

Assume, for example, that only 128 Kbytes of SRAM is used, and that 2Kbytes are reserved for tracking object store pages, flash blocks, etc.This allows 126 Kbytes/4 K bytes per page, or 31 pages of the objectstore in SRAM. Thus, five bits (2⁵=32) can be used to track these SRAMobject store pages.

Assuming a constant offset from the beginning of SRAM to the location atwhich the first object store page is written to SRAM, we would only needto reserve enough bits to access the maximum number of object storepages in SRAM. As pointed out above, this is dependent on the amount ofSRAM available. We can assume, however, that the number of bitsnecessary is the same number needed to track the number of object storepages currently stored in SRAM—5 bits.

The SRAM information can be represented as a structure an example ofwhich is given below:

typedef struct tagSramHeader{ // if the table is valid, the followingwill be a specific magic number DWORD dwValidityFlag; // last free blockused for wear-leveling and compaction DWORD LastFreeFlashBlock : 5; //index of flash block containing last page written to flash DWORDBlockforLastFlashPageWritten : 5; // last page written to flash DWORDPageLastWritten : 7; // number of object store pages in sram DWORDNumberSramObjectStorePages : 6; // page number to write next objectstore page in sram DWORD IndexToWriteNextSramPage : 6 DWORD unused : 3;// unused // track free, erased, and erased blocks in flash DWORDFlashBlockInfo[256]; } SramHeader;

SRAM Object Store Page Table Entry

Within the SRAM Object Store Page Table are individual page tableentries. One specific exemplary SRAM Object Store Page Table Entry isshown in FIG. 11 at 1100. The “P” designations indicate bits that definea physical address, the “M” designations indicate bits that define aflash or SRAM address, the “L” designations indicate bits that indicatea location (i.e. DRAM, SRAM, or flash), the “D” designation indicates abit that defines whether a page is dirty or not, the “N” designationindicates bits that define the number of times a page has been writtento flash, and the “F” designation indicates bits that define a flashaddress.

On the very first-time boot of the automotive computing device (or aftera reset which causes a cold boot), the system will go through a 5-10second cold boot. Since this type of boot normally happens once in thelifetime of the device, it is assumed to be an acceptable specification,especially considering that it can be performed on the device before itis shipped to the customer.

In addition to general initialization, the described embodiment makes acopy of the object store in flash memory, and creates the correspondingSRAM Object Store Page Table in SRAM. This table is initialized withentries indicating that the pages are initially in flash memory withread-only access.

The described object store page table entries provide the informationspecified in the table below using the “L” bits.

L bits Meaning 00 Page resides in DRAM, and there isn't a copy of it inflash yet. 01 Page resides in DRAM and there is a copy of it in flash.10 Page resides in SRAM. 11 Page resides in flash.

P Bits

The “P” bits are used for tracking the start of the page relative to thestarting physical address of DRAM. The offset of the start of the pagerelative to the starting physical address of DRAM corresponds to thefixed physical address offset at which the OS thinks the page is locatedin DRAM; because this is a fixed address, this address will not changewhen the page is moved from one physical medium to another.

With a 4 Kbytes page size, 2²*2¹⁰=2¹² bytes can be accessed per page.Thus, the lower 12 bits of an address reference the offset within apage. Since the described table tracks starting page addresses, we caneliminate 12 bits of page offset from our 32-bit address.

Also, the upper six bits of our addresses are always the same for aspecific physical medium; e.g. the upper six bits of addresses in flashare always 101000 binary. So, we can eliminate these upper 6 bits fromthe 32-bit address as well. This results in a 32−12−6=14 bit address;thus 14 bits are used to track the start of the page relative to thestarting physical address of DRAM.

M Bits

The “M” bits are used for tracking the start of the page relative to thestarting physical address within a physical medium. The offset of thestart of the page relative to the starting physical address in SRAM,DRAM, or flash corresponds to the actual location of the page at anygiven time. Note that in the DRAM case, the P offset bits and the Moffset bits are the same. (Note that “M” is a pneumonic for “moveable”.)When an object store page is moved from one physical medium to another,the “M” offset is changed to reflect the new physical location of thepage. Using the same calculation as described in the P bits descriptionabove, 14 bits are necessary for this entry.

F Bits

The “F” bits are used to track the offset of the start of the pagerelative to the starting physical address in flash. The “F” bits areused in two scenarios: (1) When a read-only page is moved to DRAM, acopy of the page is still kept in flash and its location in flash istracked. The reason for tracking the page in both flash and in DRAM isthat if power is lost, the read-only page in DRAM will be lost; (2) Whena page is copied from SRAM to flash in order to make space for new pagesin SRAM, the “F” bits are set to the starting address of the page inflash in order to track the page's new location in flash. Using the samecalculation as described in the P bits description above, 14 bits arenecessary for this entry.

D Bits

The “D” bit tracks whether a page is dirty (i.e. written to) or not.Only one bit is needed per object store page table entry to trackwhether the corresponding page is dirty or not.

N Bits

The “N” bits track the number of times a page has been written to flash.A count of the number of times the page has been written to flash can beused to determine which pages to flush back to flash when flushingbecomes necessary. Tentatively, one byte per table entry is reserved.

Reserved Bits

The number of bits necessary for each page table entry may need to bemodified in the future; we may also want to reserve additional bits forfuture expansion. Accordingly, the cross hatched bits correspond tothose that are reserved for future use.

OEM Adaptability

As noted above, the described embodiment provides an extensible platformupon which OEMs can build. Since the amount of physical memory presentin a device is OEM specific, the data and bit fields described above inthe “Object Store Page Table” and “Object Store Page Table Entries”sections can vary in size. Also, some parameters, such as page size, areCPU dependent. Because of this inherent variability, the information canbe under OEM control.

As described below, access to these OEM-specific data can occur during“TLB Miss” and “Write Exception” handling. So called “hooks” can beprovided to the corresponding OS exception handlers to call OEMexception handlers to access the OEM-specific data. Additionally, OSfunctions can be implemented to modify the OS page table and TLB; theOEM exception handlers can simply pass arguments, such as a new physicaladdress or a page attribute, to these functions.

Booting With An Existing Configuration Scenario

As mentioned above, after the first power-on cold boot, all subsequentboots restore the minimum number of object store pages so that theoperating system thinks it is warm booting. Since every access to a pagecurrently not represented in the TLB will cause a TLB miss exception,the system is able to “trap” every first attempted access to objectstore pages stored in flash and SRAM.

It is important to note that this particular described embodimentprovides that the OS exception handlers for write access and TLB miss(for a read or a write) will not be modified, with the exception ofhaving them also call an OEM exception handler (referred to as“hooking”) and to handle return values from these hooked OEM handlers.

On each subsequent power-up boot, the SRAM Object Store Page Table isprocessed or “walked” to change all references to pages in DRAM to pagesin flash, since the contents of DRAM were lost when the power went off.For these DRAM entries, the F bit values (the offset of the page inflash) are copied into the M bit values, which specify the offset of theobject store page in SRAM, DRAM, or in flash. Also, the L bits arechanged to indicate that the page is in flash. When a TLB miss on reador on write exception occurs, an OEM TLB exception handler can be calledfrom within the OS exception handler. One of the parameters passed tothis handler can be the physical address corresponding to the virtualaddress of the TLB miss—this data is fetched from the operating system'spage table which maps the virtual address to a physical address via aseries of table indirections. This physical address corresponds to thelocation at which the OS thinks the page resides in DRAM. In the SRAMObject Store Page Table Entry, this value corresponds to the “M” bitsaddress—the offset of the page within SRAM, DRAM, or flash (and will bereferred to the M address below).

The handler then determines if the physical address fetched from the OSpage table corresponds to an object store page. This is more easily doneif the SRAM's Object Store Page Table is sorted with respect to the Maddress; if so, the physical address only needs to be compared with thefirst and last M addresses in the Object Store Page.

If the physical address is not in range, the fault does not correspondto an object store page, so the handler will simply return. However, ifit is in range, the handler will take appropriate action, as outlinedbelow, as well as in the Table of FIG. 12 entitled “Handling ObjectStore Page Exception”.

TLB Miss Error Exceptions

Attempting to access (i.e. read and/or write) a page that is notcurrently mapped in the TLB results in a TLB Miss Error Exception. Inthe described embodiment, the OS TLB Miss Error Exception handler ismodified to call an OEM exception handler to give it an opportunity tohandle this exception.

If the page being accessed is part of the object store, the OEM handleris responsible for copying the page from flash into either DRAM or SRAM.If the exception occurred because of an attempted read access, the pagewill be copied to DRAM; if it occurred because of an attempted writeaccess the page will copied to SRAM. The reasoning behind this is thatsince a “read-only” page cannot be modified, it will never become dirty.In the event of a power loss, no changes to the page can therefore belost. In addition, the SRAM Object Store Page Table is modified toreflect the new location of the page (i.e. L and M bits) as well as thedirty bit (D bit). Note that the dirty bit will be set to dirty on a TLBMiss Error Write Exception because the page will be dirty as soon as thewrite to it completes.

If the page is not part of the object store, the OEM exception handlercan return to the OS exception handler with an indication that it didnot process the exception. The OS exception handler can then processthis exception normally—i.e. it will update the TLB with information forpage corresponding to the attempted access.

Write Exceptions

Attempting to write-access an object store page in flash, or a read-onlyobject store page in DRAM will result in a write exception. The OS WriteException handler can be modified to call an OEM exception handler togive it an opportunity to handle this exception. If this page is part ofthe object store, this handler will be responsible for copying the pageinto SRAM for modification, as well as modifying the correspondingentries in the SRAM Object Store Page Table. These modifications includemodifying the M bits to reference the page now in SRAM, the L bits toindicate the page now resides in SRAM, and the D bit to indicate thatthe page is dirty (i.e. it is about to be written to).

Also, the OEM exception handler is responsible for calling OS functionsto modify the corresponding OS page table and TLB. These OS functionscan be written within the OS layer and exported in the kernel. Thecorresponding OS page table and TLB entries are then modified to containthe page's new physical address, and to reflect that the page is nowwriteable.

Summary of Handling Object Store Page Exceptions

FIG. 12 contains a table that generally summarizes the processing thattakes place for handling object store page exceptions in accordance withthe described embodiment. The explanation of the table is believed to befairly straight forward and, for the sake of brevity, is not repeatedhere.

Managing the SRAM

In the illustrated and described embodiment, the battery-backed SRAM isused, in the context of an automobile computing device, essentially as awrite cache for the purpose of preserving dirty pages in the event of apower loss. The SRAM also includes state information which is saved inthe SRAM Object Store Page Table. Accordingly, in the event of a powerloss, all of the system's dirty pages as well as the locations of all ofthe Object Store pages are known. One goal of the process describedabove is to avoid having to do any copying in the event of a power loss.Essentially, then, as the system is operating, the SRAM is collecting“dirty” pages to avoid any copying upon a power failure.

Consider, however, that in the described embodiment the SRAM isconsiderably smaller than the Object Store. For example, if you have 4Mb of pages that need to be written to SRAM and only a 128K SRAM, theSRAM is going to be filled up and unavailable.

In accordance with one embodiment, the SRAM or at least portions of theSRAM are periodically flushed to the flash memory to make room for newpages. Any suitable techniques can be used to periodically flush theSRAM. For example, a first in and first-out (FIFO) technique might beused. Such technique is not, however, a good choice because it does nottake into consideration that some pages may be written to much morefrequently than others. For example, an object store page with registrydata would most likely be written to much less frequently than a page ofthe file system. Recall that this can be an issue because we want tominimize the number or frequency of writes to the flash so that theflash is not worn out.

In accordance with the described embodiment, and in light of the desireto minimize the number of writes to flash, the frequency of page use istracked by storing a “write-to-flash” count within the object store pagetable. Accordingly, pages that are least frequently written to flashwill be flushed to flash first.

FIG. 13 is a flow diagram that describes steps in an SRAM managementmethod in accordance with the described embodiment. The steps aredesirably implemented in software, but can be implemented in anysuitable hardware, software, firmware, or combination thereof.

Step 1300 maintains multiple object store pages in SRAM. These pages canbe provided into the SRAM as described above. Step 1302 periodicallyflushes one or more object store pages to non-volatile memory to makeroom for additional object store pages.

Determining When To Flush SRAM To Flash

One approach to determining when to periodically flush SRAM pages toflash is to flush the pages at either low, normal, or very high threadpriorities, based on how many free SRAM pages there currently are. Forexample, a low priority thread (such as an idle time thread) can flushthe SRAM when there are less than x pages of free SRAM in which to writeobject store pages. A normal priority thread can flush the SRAM whenthere are less than y pages of free SRAM where y<x. Finally, a highpriority thread can flush the SRAM when there are less than z pages(e.g. one page) of free SRAM, where z<<y<x. The object is to minimizethe writing done to flash and leave dirty pages in SRAM as long aspossible. This prevents over usage problems with the flash memory andminimizes the amount of time spent copying pages from flash into ram andvisa versa.

Managing Flash Memory

An erased flash memory block consists of a series of ‘1’s. Writing a 0to any bit in the block requires the entire block to be erased. It takesa non-trivial amount of time to put the flash in erase mode and then toerase it. Also, the larger the block size you have, the longer it takesto erase a block.

Against this backdrop, two important issues are addressed when managingflash: compaction and wear leveling.

Compaction

In order to move one or more pages to flash, at least one block oferased flash needs to be available. This is because, unlike RAM, youcannot write to a portion of a block without erasing the entire block.If every block of flash had at least one page of object store data init, you would need to erase one block before writing the new page. Inthe process of erasing the block, you would wipe out the contents of thepage that was already in the block.

FIG. 14 shows a flash system 1400 with two blocks (Block 0 and Block 1)and a block size equal to 4*page size. Further, each block has one pageof data in it. In order to write a new page to Block 0, the entire blockfirst needs to be erased, meaning that the used page A would be lost. Inorder to prevent the page loss, at least one free block needs to beavailable to use for compaction. Thus, in accordance with the describedembodiment, one block is reserved for compaction. For our example, pageA, page B, and the new page are copied to an unused, erased block 2 asshown at 1402. After the copy, blocks 0 and 1 are erased to prepare forsubsequent writes.

FIG. 15 is a flow diagram that describes steps in a compaction method inaccordance with the described embodiment. The steps are desirablyimplemented in software, but can be implemented in any suitablehardware, software, firmware, or combination thereof.

Step 1500 provides flash memory arranged in blocks. Step 1502 reservesat least one block for compaction. Step 1504 copies one or more pages inone or more other blocks to the reserved block. Step 1506 erases anyblocks from which pages were copied to prepare the blocks for subsequentwrites.

Wear-leveling

Flash memory can typically withstand 100,000 to 1 million writes beforeit fails. Depending on the amount of SRAM available, as well as theeffectiveness of the algorithm used to determine which SRAM pages toflush to flash, the SRAM may or may not need to be wear-leveled.

Wear leveling requires using a different free block for each successivecompaction. This is because if the same block in flash is always used asthe free block, eventually this block will wear out. For the 0^(th)compaction, block 0 can be used as the free block in which to copypages; for the n^(th) compaction, block n could be used. Accordingly, adifferent measure can be used to determine which block to use.

A variable in SRAM can track the current free block and the offset ofthe last written page since this value needs to persist across power-offboots. In addition, the next page written to flash can be written to ablock at a physical address always greater than address of the previouspage write.

As an example, consider FIG. 16 which shows a flash system 1600 with 3blocks of 4 pages each. Initially, block 0 is reserved as the free blockfor compaction. Blocks 1 and 2 contain 4 used pages each. However, aftersome time later, the second page of each block is paged to SRAM. Thenext page write to flash cannot be done to blocks 1 and 2 because theseblocks need to be erased before the next write (see the “BeforeCompaction” diagram on the left). In order to prepare for the next pagewrite, flash memory needs to be compacted. Since block 0 is the freeblock for compaction, pages will be written to it after block 0 iserased (or it may have been previously erased during idle time). Sincewe are also wear leveling while compacting, the goal is to reserve block1 (the next consecutive block after block 0) as our next free block.This means that we must move all used pages currently in block 1 toblock 0 (See the “After Compaction” diagram on the right).

After all of the pages in block 1 are moved to block 0, block 1 can beerased so that it can be used as the next block to which pages aremoved.

Fast Boot

One design goal in the presently-described automotive computing deviceis to be able to boot the device from a zero power state, i.e. get thedevice up and running, as fast as possible. In the past, one solution tothe zero power scenario was to take the entire object store and maintainit in flash memory. On boot up, the entire object store would then beread into DRAM. This process involved copying every single page in theobject store, whether the page was needed or not, and could take on theorder of 5 seconds or more. In accordance with the described embodiment,the only pages of the object store that are copied into RAM are pagesthat are actually needed for boot up. That is, the necessary pages arepaged into RAM from flash memory as they are needed during a boot from azero power state. These necessary pages can include, without limitation,pages that are used by the file system during its initialization. Thesecan include pages that contain the file system's structural data, FATtables, and the like. As subsequent pages from the object store areneeded, they are paged in. Thus, in the “fast boot” scenario, pages fromflash memory are copied into RAM as they are being used. This reducesthe number of pages that are read in on boot up from (a) all of thepages in the entire object store to (b) just the pages that are neededfor booting. It will be appreciated that the specific pages that areneeded by any specific system are not particularly relevant to thisdiscussion, as such pages can change as between systems.

FIG. 17 is a flow diagram that describes steps in a fast boot method inaccordance with the described embodiment. In the illustrated example,the method is implemented in software that is executing on an automotivecomputing device such as the devices described above. Step 1700maintains a copy of an object store in non-volatile storage. Thenon-volatile storage can be any suitable non-volatile storage thatcomprises part of the vehicle's computing device. In one implementation,the non-volatile storage comprises flash memory. The object store copyis maintained in the non-volatile storage from a previous boot of thesystem. Step 1702 initiates a boot sequence of the automotive computingdevice. Such sequence is initiated when, for example, power is returnedor supplied to the system, i.e. when a vehicle carrying the computingdevice is started or has power restored. Step 1704 pages, during theboot sequence, only predetermined object store pages from thenon-volatile storage into RAM. Desirably, this results in less than allof the object store pages being paged in during boot up. This enablesthe computing device to boot quickly. Step 1706 determines, after theboot sequence, whether any additional object store pages are needed. Ifany pages are needed, step 1708 pages them in as described above.

In one implementation that utilizes an SRAM as described above, there issoftware code that recognizes whether the SRAM object store page tableis valid, e.g. the code uses a signature in a known manner. The SRAMobject store page table contains information that describes what hasbeen done with all of the DRAM file system pages. That is, with respectto all of the object store pages, and particularly those that werecontained in DRAM before the last power down, the SRAM object store pagetable contains information that describes these pages' locations. When aboot up is initiated, software code processes the SRAM object store pagetable and marks all of the object store pages that were indicated asresiding in DRAM as not being in DRAM any longer. Note that these pagesare still in the flash memory because presumably, they were “read only”pages copies of which are maintained in flash memory.

When the operating system tries to reference a page that it believesshould be in DRAM, a TLB miss exception is generated. Recall that TLBmiss exceptions are generated the first time a page is accessed sincethe TLB does not yet contain a mapping between the virtual address ofthe page and the physical address at which the page is actually located.In accordance with the described embodiment, the TLB miss exception isintercepted before the operating system has a chance to process it.Software code then takes the virtual address of the page and uses it asa key into the OS page table. This is done to fetch the physical address(in RAM) at which the operating system believes the page is located. Thesoftware code then compares this physical address with the addresses inthe SRAM object store page table to ascertain whether the page comprisespart of the object store or not. If the page is part of the objectstore, the code ascertains the page's actual location by using the SRAMobject store page table. Recall from the discussion above that variousbits are used to track the current location of a page as being in eitherSRAM, DRAM or flash. If the page is currently in SRAM, an adjustment ismade to the OS page table to change the page's physical DRAM address tothe page's actual SRAM address. In addition, the virtual and physicaladdresses of the page are entered in the TLB. If the page resides inflash memory, the page is copied (using the address stored in the SRAMobject store page table) to DRAM or SRAM. The page is copied to SRAM ifthe page access is a write access, otherwise the page is copied to DRAM.If the page is copied to SRAM, adjustments are made to the SRAM objectstore page table, the OS page table, and the TLB to reflect the newlocation of the page.

As each subsequent page is used, it is copied to RAM (either DRAM orSRAM) using the TLB miss exception described above. This results inpages being paged in on demand. This in turn accelerates the booting ofthe computing device.

Conclusion

The above systems and methods provide cost-effective solutions to dataloss problems caused by emergency power shut down in automotivecomputing devices. The solutions can greatly increase the lifetime ofthe automotive computing device so that it effectively has an expectedlifetime that is greater than the anticipated product life. Theparticular battery-backed SRAM embodiments not only provide solutionsthat can use batteries that fall within automotive specifications, butensure that consumers do not have to replace the backup batteries duringthe computing devices' product lifetime. In addition, the hardware andsoftware of the described embodiments cooperate to ensure that criticalsystem data is not lost in the event of a power loss. The inventivesolutions enable power to be abruptly lost without jeopardizing anysystem-critical data. In addition, inventive techniques reduce the timethat is required to boot the automotive computing device therebyenhancing the user's experience and meeting desired OEM limitations ondesired boot times.

Although the invention has been described in language specific tostructural features and/or methodological steps, it is to be understoodthat the invention defined in the appended claims is not necessarilylimited to the specific features or steps described. Rather, thespecific features and steps are disclosed as preferred forms ofimplementing the claimed invention.

1. A programmable automotive computing device programmed withinstructions which, when executed by the automotive computing device,cause the computing device to: copy an object store into device flashmemory; and create an object store page table in device SRAM that isconfigured to track the locations of all of the object store pages inthe device.
 2. The automotive computing device of claim 1, wherein theinstructions cause the computing device to initialize the object storepage table to indicate that object store pages are located in flashmemory and are read only pages.
 3. The automotive computing device ofclaim 1, wherein the instructions cause the computing device to: pageobject store pages between and among the flash memory, device DRAM andthe SRAM; and update the object store page table to reflect newlocations of the paged object store pages.
 4. The automotive computingdevice of claim 3, wherein the instructions cause the computing deviceto page object store pages from the flash memory to the DRAM responsiveto a read access of the object store page.
 5. The automotive computingdevice of claim 4, wherein the instructions cause the computing deviceto maintain a copy of one or more paged pages in the flash memory in theevent of a power loss.
 6. The automotive computing device of claim 3,wherein the instructions cause the computing device to page object storepages from the DRAM to the SRAM responsive to a write access of theobject store page.
 7. The automotive computing device of claim 3,wherein the instructions cause the computing device to page object storepages from the SRAM to the flash memory in a predetermined manner tomake room for additional object store pages.
 8. The automotive computingdevice of claim 1, wherein the instructions cause the computing deviceto use the object store page table to track whether an object store pageis dirty.
 9. The automotive computing device of claim 1, wherein theinstructions cause the computing device to use the object store pagetable to track the number of times an object store page has been writtento flash memory.
 10. The automotive computing device of claim 9, whereinthe instructions cause the computing device to use said number todetermine when to write a page from the SRAM into the flash memory. 11.An automobile embodying the automotive computing device of claim
 1. 12.In an automotive computing device, a method comprising: booting thecomputing device; and responsive to said booting, processing an objectstore page table that is maintained in battery-backed SRAM, the objectstore page table being configured to track locations of all object storepages in the device, said processing comprising changing any entries inthe object store page table that indicate an object store page is indevice DRAM to an entry that indicates that the object store page is indevice flash memory.
 13. An automotive computing device programmed withinstructions which, when executed by the device, implement the method ofclaim
 12. 14. An automobile embodying an automotive computing deviceprogrammed with instructions which, when executed by the device,implement the method of claim 12.